Security, Privacy & The Democratization Of Data

Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?

Fifty-one years ago President Kennedy shocked the world when he revealed reconnaissance photos of Soviet missile launch sites in Cuba. Today, I can browse satellite images of the same locations from the comfort of my sofa on Google Earth. This once top secret capability has become democratized and available to all. At some point, today's top secret technology will also be accessible from your sofa.

In the same way that few people use Google Earth to search for Cuban missile bases, the average citizen is unlikely to be concerned with identifying enemies of the state. However, the digital, networked world makes it increasingly difficult for us to keep track of the trustworthiness of people that we may need to rely on. This human need to know someone's reputation is very relevant in a networked world, in which we may never meet our closest collaborators, and may provide a strong impetus to drive the creation of a democratized data gathering system.

In retrospect, the forces that drove the democratization of satellite imagery are clear: the development of digital camera technology, the development of privatized satellite launches, and the development of the Internet to deliver images to users.

Democratizing forces are still acting to make information available that is currently restricted to government agencies. Satellite navigation systems were once available only to deliver high explosives with high accuracy. Now they are to be found in almost every phone, delivering people with high accuracy to unfamiliar addresses. Similarly databases were once costly systems running on costly hardware available only to clients with the deepest pockets. Now, open source database software can be downloaded by anyone and run on the cheapest low-end desktop.

With some thought we can discern some of the long-term forces that are currently in play.

Data storage costs are decreasing year on year, allowing us to store quantities of data that were previously unthinkable.

Tools are becoming available that can store and make sense of these increasing amounts of data, such as Hadoop and Splunk.

As the Internet continues to develop, more information will become publically available for analysis, and the resulting analyses will be freely shared. Hence, the data gathering, analysis and storage abilities that previously required dedicated government ministries and major investments in hardware, will step-by-step become available to all.

Who do you trust?In our ancestors’ villages everyone knew everyone else. The whole village knew who was trustworthy and who was not, who was skillful and who was not. If you needed someone to help you with a task, you knew who to turn to. As digital technology shrinks the world to make a global village, keeping track of others' reputation becomes tricky. With so many people to keep track of, the task becomes too much for our human capacities. Yet to collaborate in a digital world we need to be able to judge if we can trust a potential collaborator -- even if we will never physically meet them.

As governments implement systems to keep track of individuals to estimate if they are a risk to national security, we can envisage how this technology will become democratized. We can imagine systems that keep track of others' reputation to determine if they pose a risk to us through violence or fraud, if they are likely to assist us to help us achieve our goals, or if we are likely to be able to help them achieve their goals.

In a similar way as our ancestors' reputation spread within their villages, our digital reputations will be known to all. A reputation is likely to encompass the knowledge that we hold, our past deeds, the reputation of those with whom we keep company, and the opinions that others hold of us. Comprehensibly gathering such information and keeping the data accurate is within the reach of nation states, and before too long will be within the reach of private citizens.

We can already see antecedents of such functionality in the like button of Facebook, the recommendation system of Linkedin, or the crowd-sourced recommendations supplied by TripAdvisor. Our peers are able to show their approval or disapproval of our actions and display their judgements of us for others to see. We may choose to keep certain aspects of our life private, but we cannot keep private our public deeds and achievements, nor can we keep private the opinions that others may hold of us.

The changes brought by technology create many challenges for society and our individual need to manage our relationships with others. Conversely, the lack of knowledge about an individual's reputation exposes us to danger, such as fraud or engaging in personal or professional relationships that might do us harm.

The good news is that just as technology exposes us to these problems, it can also bring solutions. Governments are investing in vast data-gathering systems to identify individuals who pose a risk to society. The march of technology suggests that these systems that only governments possess today will be available to all of us in the future. In a global, digital village, reputation, integrity, and honor will be everything. As we begin the new year, it’s time to ensure that our digital reputation reflects upon us well.

Martin Lee is the technical lead for Cisco’s Threat Research, Analysis, and Communications (TRAC) Team.

Lack of knowledge about an individual's or company's reputation exposes us to no more danger in a digital world than it did in a non-digital world. In the non-digital world, you did background checks, you asked for references, you relied on trusted brands and companies, you lived by the premise that if something sounds too good to be true it probably is. The problem today is people don't do their homework on the many more people/companies/offers that come their way digitally. Do your homework--using reputation-management tools or not. Limit your exposure.

I agree entirely. I think as the world got bigger doing that due diligence became more difficult. However I suspect that technology advances are going to make following someone's history a whole lot easier.

The democratization of digital tools may be make it easier to assess the reputation of individuals and businesses, but it also creates new opportunities for abuses that we're not yet fully equipped to deal with. One of the sad undercurrents of this digital democratization is the amount of social media trashing and abuse being inflicted today on teens by their peers -- sometimes with tragic effect. Then there are the challenges of setting the records straight after having your digital identity stolen. In both cases, reputations can be completely and wronglfully compromised. Yet we still lack the tools needed to help individuals recover quickly when the digital ill-will of others strikes us or our kids.

Every advance has its disadvantages too. Your comments are entirely correct. Unfortunately the remedies for the downsides of inventions tend to lag. We're still trying to come up with ways to remedy many of the unforeseen consequences of the Internet, the importance of security being one of these. I'm sure that our future successors will wonder at how we could possibly work and live without invention X that solves problem Y which currently plagues our existence. The good news is that fame and hopefully fortune awaits the person who does invent and build the tools that will help us solve these issues.

MatiniL923, I agree. It's worth noting how safety regulations evolved in the auto industry and with the likes of Underwriters Laboratory. It's not a perfect example, I know, since flaws in software and online systems don't kill people. But there is an argument that people need more safeguards and resources to protect themselves in cyberspace than the commercial market currently provides them.

I really like the comparison between our ancestral village and today's connected global village. Back in the day when people knew each other because they lived next door, or went to the same school, or were related through marriage and family friendships that crossed generations, reputations were well known and frequently entrenched and hard to change when they were wrong). Today many of our personal and professional relationships start with email or social media: a resume to a prospective employer, a response to a rental listing on Craigslist, a comment on a product review.

While it is fairly easy undertake a rudimentary reputation check through LinkedIn, Facebook Google, etc. the con artists, predators and bullies are expert at creating attractive --and false -- public personas. So in addition to making sure our personal digital reputation is, like Caesar's wife, above reproach. We must also make sure that those we encounter in our virtual village are who they say they are.

Marilyn: A few years ago I had the honour of conversing with a law enforcement officer who was investigating a gang of internet fraudsters. The gang only recruited members from a specific ethnic group who spoke a particular dialect and whose family origin could be verified. This made infiltration by law enforcement almost impossible since their reliance on tribal ties facilitated the detection of imposters. Even in this day and age, internet fraudsters abusing the global village rely on their ancestral villages to filter out imposters.

That doesn't surprise me. My husband is a financial investigator who works for an arm of the judicial system that investigates white collar crime by lawyers against clients. He sees a lot of cases that exploit that tribal mentality of trust, where "no one in my (fill in ethnic group) would take advantage of me or steal from me."

This fact holds true across different races and tribal groups. It's quite common in China as well - the people build the rudimentary mutual trust from traditional ancestral relationships. The people living around the same community become a kind of gang. This is not common in modern cities nowadays but still holds true in those rural area and small villages.

In addition to democratization of data another reason it is easy for governments, companies and other citizens to form these "reputation profiles" is because we do not currently have great ways of controlling our online presence. The Internet2 Scaleable Privacy Project is attempting to help citizens protect their privacy and strength the nations identity ecosystem. It is attempting to put the "Informed" into Informed Consent with creation of privacy manager tools. With these types of privacy manager tools our reputation profiles will become more targeted and relevant depending on the context of our digital interactions. Without them I worry our digital interactions will be mis-understood and hence our reputations tarnished.

Published: 2015-03-03Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Published: 2015-03-03** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.